The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned in an advisory that cardio defibrillators from medical device company Medtronic can be modified while still implanted in patients. Without access control, the defibs can't differentiate between authorized and unauthorized instructions.
Joe FitzPatrick, one of the small number of hardware security experts, says security teams and operators need to ask hard questions when they see claims of malicious hardware implants.
Speculative execution enhanced microprocessor performance, but also made them more susceptible to side-channel attacks. The final fix won’t be via software updates.
A team at the University of North Carolina has developed a tool called Coppelia that can automatically find and build exploits for flaws in hardware designs.
The USB Type-C Authentication Program will attempt to address the very real dangers of USB-based attacks, such as USB devices loaded with malicious payloads to compromise the host system and counterfeit cables that can deliver too much (or too little!) power and damage the system.